AT&T! What's not to love?! According to Gawker, hackers were able to access a script on the AT&T website that would give up an iPad user's email address if the iPad's ICC-ID was known. The hackers, part of a group called Goatse Security (OMG), used known ICC-ID numbers to create a program that automatically pulled 114,000 email addresses, including those of high-ranking military, business and government leaders.
AT&T has known about the breach for at least two days, yet hasn't notified any customers, according to Gawker.
Within the military, we saw several devices registered to the domain of DARPA, the advanced research division of the Department of Defense, along with the major service branches. To wit: One affected individual was William Eldredge, who "commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force." In the media and entertainment industries, affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst. In finance, accounts belonged to companies from Goldman Sachs to JP Morgan to Citigroup to Morgan Stanley. Dozens of venture capital and private firms made appearances as well. In government, affected accounts included a GMail user who appears to be Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health.
AT&T released the following statement:
"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."